Home Tags Transport Layer Security (TLS)

Tag: Transport Layer Security (TLS)

Symantec promises audit-fest to placate Google trust reduction plans

TLS certificate vendor says it will even audit its previous audits to prevent having Google reduce its trust on Symantec certificates.

DNS record will help prevent unauthorized SSL certificates

In a few months, publicly trusted certificate authorities will have to start honoring a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.The Certification Authority Authorization (CAA) DNS record became a standard in 2013 but didn't have much of a real-world impact because certificate authorities (CAs) were under no obligation to conform to them.[ Expand your security career horizons with these essential certifications for smart security pros. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]The record allows a domain owner to list the CAs that are allowed to issue SSL/TLS certificates for that domain.

The reason for this is to limit cases of unauthorized certificate issuance, which can be accidental or intentional, if a CA is compromised or has a rogue employee.To read this article in full or to leave a comment, please click here

Cyber-Thieves Using Persistent Bot to Steal Gift Card Balances

DAILY VIDEO: Cyber-thieves using GiftGhostBot to steal gift card balances; Google threatens to distrust Symantec SSL/TLS certificates; Google warns users it plans to remove SMS texting from Hangouts; and there's more.

Google Threatens to Distrust Symantec SSL/TLS Certificates

Google is warning that it intends to deprecate and remove trust in Symantec-issued SSL/TLS certificates, as Symantec shoots back that the move is unwarranted.

Google Slams Symantec for ‘Failures’ in SSL/TLS Certificate Process

Google Chrome engineers railed on Symantec for allegedly issuing thousands of security certificates that had not been properly validated.

Google to Symantec: We don’t trust you anymore

Security teams, network administrators, and operations teams have some busy days ahead.

Google’s Chrome development team is fed up with Symantec as a certificate authority, and has announced plans to no longer trust current Symantec certificates.In the past 18 months, Google has tangled repeatedly with Symantec over the way it issues transport layer security (TLS) certificates, with Symantec promising to do better.

The latest incident--an investigation into 127 mis-issued certificates--ballooned into “at least 30,000, issued over a period spanning several years,” Ravi Sleevi, a software engineer on the Google Chrome team, wrote on the Blink online forum. As a result, the Chrome developers “no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.”To read this article in full or to leave a comment, please click here

Google proposes sending Symantec to TLS sin bin

Certificates from Symantec would have their trust period reduced to nine months under Google's plan.

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs...

Chrome to immediately stop recognizing EV status and gradually nullify all certs.

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.

US-CERT Warns That HTTPS Inspection Tools Weaken TLS

Turns out that man-in-the-middling your own traffic isn't the safest way to look for man-in-the-middle attacks.

It’s time to turn on HTTPS: the benefits are well worth...

After Edward Snowden revealed that online communications were being collected en masse by some of the world’s most powerful intelligence agencies, security experts called for encryption of the entire web.

Four years later, it looks like we’ve passed the tipping point.The number of websites supporting HTTPS—HTTP over encrypted SSL/TLS connections—has skyrocketed over the past year.

There are many benefits to turning on encryption, so if your website not yet support the technology it’s time to make the move.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]Recent telemetry data from Google Chrome and Mozilla Firefox shows that over 50 percent of web traffic is now encrypted, both on computers and mobile devices. Most of that traffic goes to a few large websites, but even so, it’s a jump of over 10 percentage points since a year ago.To read this article in full or to leave a comment, please click here

Unfixed weaknesses in Confide stoke doubts about end-to-end crypto claims

Confidential messenger service provides no authentication or integrity assurances.